search for: infotxt

nuqneH, I've tried using TIS authsrv authentication via bsd auth and found it quite limited. The most important restriction it does not log ip and fqdn of the remote peer, nor the application name, to the authentication server. It does not matter much for TIS authsrv, but since other applications do provide such information, our authsrv version uses it for extra authentication restrictions.

>From what I understand, the problem is due to people's disagreement about what the "correct" behavior should be. I'm pretty sure that the following is the correct behavior from running rsh and ssh often (both fsecure and openssh). Lets say you have a stupid script that does while 1 do sleep 1 done Called foreverSleep on your remote host: rsh remotehost

...;$Id"); + +#ifdef OPIE + +#include <opie.h> + +#include "xmalloc.h" +#include "auth.h" + +static void * +opie_init_ctx(Authctxt *authctxt) +{ + return authctxt; +} + +#define PROMPT "\nOPIE Password: " + +static int +opie_query(void *ctx, char **name, char **infotxt, + u_int* numprompts, char ***prompts, u_int **echo_on) +{ + Authctxt *authctxt = ctx; + char challenge[OPIE_CHALLENGE_MAX+64], *p; + int len; + struct opie opie; + + if (opiechallenge(&opie, authctxt->user, challenge) != 0) + return -1; + + opieverify(&opie, ""); /* Zap l...

...et, Buffer *m) +{ + debug3("%s: entering", __func__); + + if (sshpam_auth_ctxt == NULL) + sshpam_auth_ctxt = sshpam_init_ctx(authctxt); + + monitor_permit(mon_dispatch, MONITOR_REQ_PAM_FREE_CTX, 1); + + return (0); +} + +int +mm_answer_sshpamquery(int socket, Buffer *m) +{ + char *name, *infotxt; + u_int numprompts; + u_int *echo_on; + char **prompts; + int res; + + if (sshpam_auth_ctxt == NULL) + fatal("%s: No PAM kbd-int auth context", __func__); + + res = sshpam_query(sshpam_auth_ctxt, &name, &infotxt, &numprompts, + &prompts, &echo_on); + + if (res !=...

...Buffer *m) +{ + debug3("%s: entering", __FUNCTION__); + + if (sshpam_auth_ctxt == NULL) + sshpam_auth_ctxt = sshpam_init_ctx(authctxt); + + monitor_permit(mon_dispatch, MONITOR_REQ_PAM_FREE_CTX, 1); + + return (0); +} + +int +mm_answer_sshpamquery(int socket, Buffer *m) +{ + char *name, *infotxt; + u_int numprompts; + u_int *echo_on; + char **prompts; + int res; + + if (sshpam_auth_ctxt == NULL) + fatal("%s: No PAM kbd-int auth context", __FUNCTION__); + + res = sshpam_query(sshpam_auth_ctxt, &name, &infotxt, &numprompts, + &prompts, &echo_on); + + if (re...

...Apr 2002 10:28:49 -0000 1.6 +++ monitor_wrap.c 24 Apr 2002 01:03:18 -0000 @@ -804,6 +804,77 @@ return ((authok == 0) ? -1 : 0); } +void * +mm_pam_init_ctx(struct Authctxt *authctxt) +{ + fatal("Not implemented"); + return (NULL); +} + +int +mm_pam_query(void *ctx, char **name, char **infotxt, + u_int *numprompts, char ***prompts, u_int **echo_on) +{ + Buffer m; + int res; + char *challenge; + + debug3("%s: entering", __FUNCTION__); + + buffer_init(&m); + mm_request_send(monitor->m_recvfd, MONITOR_REQ_PAMQUERY, &m); + + mm_request_receive_expect(monitor->m_recv...